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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 

WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 23 October 2003 . 
2a)\3 This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11. 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-36 is/are pending in the application. 

4a) Of the above claim{s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim{s) 1-36 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim{s) - are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing{s) filed on 23 October 2003 is/are: a)S accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet{s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)'(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Priority 

This application has no priority claim made. The filing date is 10/23/2003. 
Information Disclosure Statement 

1 . The information disclosure statement (IDS) submitted on 13 October 2006 was 
filed after the mailing date of the instant application on 23 October 2003. The 
submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the 
information disclosure statement is being considered by the examiner. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b). 
by another filed in the United States before the invention by the applicant for patent or (2) a 
patent granted on an application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international application filed under the treaty 
defined in section 351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the United States and 
was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-5, 9-15. 19-23 and 27-33 rejected under 35 U.S.C. 102(e) as being 
anticipated by Rothrock (US 7,174,320 B2, hereinafter Rothrock). 

3. Regarding claims 1 and 19, Rothrock discloses a method of providing access to 
content on a system comprising: 

determining if a user has rights to access the content according to a content 

license associated with the content; and 
when the user has rights to play the content: 

reading a data structure in the content license defining at least one security 
factor ID and an associated factor value; 
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setting a security factor value for a security factor, the security factor 

corresponding to the security factor ID, to the associated factor value from 
the data structure; 

establishing a ceiling value for each security factor ID; 

wherein setting the security factor value for the security factor corresponding 
to the security factor ID to the associated factor value from the data 
structure comprises setting the security factor value only when the ceiling 
value is not exceeded by the associated factor value; 
allowing access to the content; and 

performing security processing by the system at a level based at least in part on 
the security factor value. 

FIGS. 6 and 7 show flow diagrams of the process according to Rothrock's 
invention. Rothrock inherently discloses the method of securely obtaining a content 
access as described in the instant claims. The player application and the user are 
being considered as a resource requester/receiver. 

4. Regarding claims 2 and 20, Rothrock further discloses performing signature 
verification of the content license prior to determining if the user has rights to access the 
content (Claim 2). 

5. Regarding claims 3 and 21 , Rothrock further discloses module identification 
information field identifies a program module. Signature comprises the digital signature 
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of the contents of the SBDF (signed binary description file) (FIG. 3 and column 5, lines 
52-61). 

6. Regarding claims 4-5 and 22-23, Rothrock further discloses an adaptive security 
table including one or more entries. Each entry includes at least a security factor 
identifier (ID) and corresponding factor value. Each security factor references a 
particular security defense or feature that may be provided by the security system 
operating on the user's machine (FIG. 5 and column 6, lines 51-56). 

7. Regarding claims 9 and 27, Rothrock discloses a method of providing adaptive 
security for access to content on a system comprising: 

determining if a user has rights to access the content according to a content 

license associated with the content; and 
when the user has rights to play the content: 

reading a data structure in the content license defining at least one security 
factor ID and an associated factor value; 

setting a security factor value for a security factor, the security factor 

corresponding to the security factor ID, to the associated factor value from 
the data structure; 

establishing a ceiling value for each security factor ID; 

wherein setting the security factor value for the security factor corresponding 
to the security factor ID to the associated factor value from the data 
structure comprises setting the security factor value only when the ceiling 
value is not exceeded by the associated factor value; 
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allowing access to the content; and 

performing security processing by the system at a level based at least in part on 
the security factor value. 

FIGS. 6 and 7 show flow diagrams of the process according to Rothrock's 
invention. 

8. Regarding claims 10 and 28, Rothrock further discloses performing signature 
verification of the content license prior to determining if the user has rights to access the 
content (Claim 2). 

9. Regarding claims 1 1 and 29, Rothrock further discloses module identification 
information field identifies a program module. Signature comprises the digital signature 
of the contents of the SBDF (signed binary description file) (FIG. 3 and column 5, lines 
52-61). 

10. Regarding claims 12-13 and 30-31, Rothrock inherently discloses validating the 
fon/varded request based on other information therein and determining that the 
requested resource is available and/or can be provided. 

1 1 . Regarding claims 14-1 5 and 32-33, Rothrock further discloses an adaptive 
security table including one or more entries. Each entry includes at least a security 
factor identifier (ID) and corresponding factor value. Each security factor references a 
particular security defense or feature that may be provided by the security system 
operating on the user's machine (FIG. 5 and column 6, lines 51-56). 
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Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

13. The factual inquiries set forth in Graham v. John Deere Co,, 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or 
nonobviousness. 

14. Claims 6-8. 16-18, 24-26 and 34-36 rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rothrock in view of Mourad et al (US 7,171,558 B1, hereinafter 
Mourad). 

15. Regarding to claims 6-8, 16-18, 24-26 and 34-36, Rothrock doesn't disclose the 
details of using a digest and a hashing function. However, Mourad discloses a method 
of certification using a code digest (FIG. 4 and column 6, line 21 - column 7, line 52) 
and a hashing function (column 6, lines 53 - 57). It would have been obvious to one of 
ordinary skill in the art to incorporate the teaching of Mourad into the system of 
Rothrock at the time of the invention to use a digest, a hashing function, and further two 
hashes to achieve better security. 
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Remarks 

The following pertaining arts are discovered and not used in this office action. 
Office reserves the right to use these arts in later actions. 



1 . Hesselink et al. (US 7,120,692 B2), Access and Control System for Network- 
enabled Device. 

2. Graunke et al. (US 6,105,1 37), Method and Apparatus for Integrity Verification, 
Authentication, and Secure Linkage of Software Modules. 

3. Scheifler et al. (US 6,934,758 B2), Stack-Based Access Control Using Code and 
Executor Identifiers. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael C. Lai whose telephone number is (571) 270- 
3236. The examiner can normally be reached on M-F 7:30 - 5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Marvin Lateef can be reached on (571) 272-5026. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300, 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Sen/ice Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Michael C. Lai 
29MAY2007 
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